[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debsums for maintainer scripts

On Thu, 04 Dec 2003 17:36:16 +0100, Thomas Viehmann <tv@beamnet.de> said: 

> Manoj Srivastava wrote:
>> Before we make such a push, we should at least ensure that it is
>> something we really want to do. I think locally generated checksums
>> are a better solution.
> To me, the main use of md5sums seems to be verifying nothing bad (as
> in accident, not malicious manipulation) happened to the extracted
> files.  md5sums included in the packages do that even earlier than
> those generated.

	Earlier than what?  You already can check the integrity of the
 .deb you are installing; don't install corrupted .debs. Now
 admittedly there is a window where files can be corrupted between
 unpacking and creating the checksums, in which case just run the ar
 .. tar -d incantation posted earlier to check the on disk file
 _after_ generating the checksum to make sure that that little window
 is also closed.

"All my life I wanted to be someone; I guess I should have been more
specific." Jane Wagner
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: